Posts in the Education Sector Category at DataBreaches.net, Page 2

KY: Hopkins County school system dealing with data breach

Posted by Dissent at 6:02 pm Education Sector, Hack, U.S.

Jun 102019

Rachel Smith reports:

Parents of Hopkins County schoolchildren were greeted with a message from the school board Thursday morning alerting them of a data security breach. Because of a school board staff member’s password-protected account being compromised, a currently unidentified user had access to a countywide database, which contains the names, dates of birth and Social Security numbers of about 7,000 students, according to school officials.

While there is no current evidence the user obtained students’ personal information, school board officials cannot say for certain the information was not accessed.

9.5 billion rows of email metadata leaked by Shanghai Jiao Tong University

Posted by Dissent at 11:02 am Education Sector, Exposure, Non-U.S.

Jun 102019

Justin Paine reports:

While searching Shodan, I recently discovered an ElasticSearch database without any authentication. This database contained metadata related to a huge amount of emails. It was eventually confirmed that this server and the email metadata was controlled by a large university located in China. I would like to thank the university’s security team for their prompt action to secure this data once notified. As far as I am aware they have not notified the impacted students though.

Massive Security Flaw Detected on Baltimore County Schools’ Digital Platform, Exposing Highly Sensitive Information on Students and Staff Members

Posted by Dissent at 8:17 am Education Sector, Exposure, U.S.

Jun 062019

Ann Costantino reports:

A massive security flaw has been detected that allowed unrestricted access to highly sensitive records pertaining to students, staff and internal school system data on a Baltimore County Public Schools (BCPS) public facing website.

The system’s BCPS One/Schoology platform, where students are able to access classes, grades and academic resources online, is the source of the breach where anyone with a password – including students, parents, and staff members – have had access to personal student and staff member information, as well as some sensitive school system records.

Some records found go back to the 2008 – 2009 school year.

The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records

Posted by Dissent at 8:55 am Education Sector, Exposure, Miscellaneous, U.S.

Jun 042019

Another Elasticsearch misconfiguration found by SecurityDiscovery. You can read about it here.

Australian National University data breach stretching back 19 years detected; Affects approximately 200,000

Posted by Dissent at 8:15 am Education Sector, Hack, Non-U.S., Of Note

Jun 042019

ABC in Australia reports:

The Australian National University has been hit by a massive data hack, with unauthorised access to significant amounts of personal details dating back 19 years.

A sophisticated operator accessed the ANU’s systems illegally in late 2018 but the breach was only detected two weeks ago, the university said in a statement.

Based on student numbers over that time, as well as staff turnover, the university has estimated approximately 200,000 people were affected by the breach.